file ownership

user owner and group owner

The users and groups of a system can be locally managed in /etc/passwd and /etc/group, or they can be in a NIS, LDAP, or Samba domain. These users and groups can own files. Actually, every file has a user owner and a group owner, as can be seen in the following screenshot.

list of special files

When you use ls -l, for each file you can see ten characters before the user and group owner. The first character tells us the type of file. Regular files get a -, directories get a d, symbolic links are shown with an l, pipes get a p, character devices a c, block devices a b, and sockets an s.

Table 6.1. Unix special files

first character

file type

-

normal file

d

directory

l

symbolic link

p

named pipe

b

block device

c

character device

s

socket

Below a screenshot of a character device (the console) and a block device (the hard disk).

permissions

rwx

The nine characters following the file type denote the permissions in three triplets. A permission can be r for read access, w for write access, and x for execute. You need the r permission to list (ls) the contents of a directory. You need the x permission to enter (cd) a directory. You need the w permission to create files in or remove files from a directory.

Table 6.2. standard Unix file permissions

permission

on a file

on a directory

r (read)

read file contents (cat)

read directory contents (ls)

w (write)

change file contents (vi)

create files in (touch)

x (execute)

execute the file

enter the directory (cd)

three sets of rwx

We already know that the output of ls -l starts with ten characters for each file. This screenshot shows a regular file (because the first character is a - ).

To summarise, the first rwx triplet represents the permissions for the user owner. The second triplet corresponds to the group owner; it specifies permissions for all members of that group. The third triplet defines permissions for all other users that are not the user owner and are not a member of the group owner.

setting permissions (chmod)

Permissions can be changed with chmod. The first example gives the user owner execute permissions.

umask

When creating a file or directory, a set of default permissions are applied. These default permissions are determined by the umask. The umask specifies permissions that you do not want set on by default. You can display the umask with the umask command.

As you can also see, the file is also not executable by default. This is a general security feature among Unixes; newly created files are never executable by default. You have to explicitly do a chmod +x to make a file executable. This also means that the 1 bit in the umask has no meaning--a umask of 0022 is the same as 0033.

mkdir -m

When creating directories with mkdir you can use the -m option to set the mode. This screenshot explains.